"Do we need to seize five computers in a suspect's house or could we use a simple tool to preview on site and identify there's that one email we are looking for and we can then use that and interview the person now, rather than waiting six to 12 months for the evidence to come back to us?

"For example, look at breathalysers - I am not a scientist, I could not do a chemical test on somebody when they are arrested for drink driving but I have a tool that tells me when to bring somebody in."

I mean, sure, it would be good to be able to do that... but how could you possibly develop an algorithm that would work that way? A breathalyzer works because you have one single (measurable) thing to measure: blood-alcohol levels. For crime, there's simply no way to do something like that. Yes, it is a good idea for police to be able to do better computer forensics, and not have to wait forever for computer contents to be examined -- but this seems like pure wishful thinking.

What they should really be making is a device to scan babies to determine whether they'll grow up to be criminals. Then they should kill those babies before they have a chance to commit any crimes. In a couple of generations the UK will be crime free.

I can imagine Charlie McMurdie's tech guy gets really annoyed with him. Always run into people that don't know left from right when sat in front of a computer then think you are a lazy jerk for not coming up with a computer solution that would be pure magic for all intents and purposes.

This is clearly just...

A remark made by an uninformed person. She might be asking for the impossible, but she's on the right track. I'm not in law enforcement so I don't know what tools they currently have, but if they DON'T already have a tool for 'profiling' a computer quickly for suspicious activity, they need one. As long as it was presented as a tool that could easily have false positives, then this isn't a bad idea.

The problem occurs if somebody makes a profile device and then says "This will tell you if there's crime on a computer!".

Re: but honestly ...

maybe the breathalyzer has been proven inaccurate from time to time .... but just try to imagine how many times they have been right. You cannot use the argument that just because it isn't perfect that it is worthless ... at least not about road-side alcohol testing.

Re: This is clearly just...

How would that possibly work. Everybody discussing Call of Duty tactics by email or IM would be flagged as a terrorist. Anyone talking about the cool stunt he pulled in GTA could be flagged as a criminal/murderer. Sorry, in most cases, this type of evidence is subjective and requires too much circumstantial evidence.

Not too stupid

We spend a lot of time catching bad guys posting fraudulent stuff on www.justlanded.com, and I am sure it would be possible for a tool to be created to scan a PC for bad stuff if it's on the HDD without encryption - for fraud stuff, simple keyword stuff would be able to flag bad comms, for kiddie-porn look for video files and do keyword stuff. It wouldn't be tough to do and could be useful in time-sensitive situations. Bad news is that this wouldn't prove the PC was clean, so I guess if they don't find anything they will cart it off anyway.

I would be more worried about the fact that plod finds it increasingly easy to get hold of someone's PC in the first place.

Re: Not too stupid

already available

"A breathalyzer works because you have one single (measurable) thing to measure: blood-alcohol levels."

Things have probably changed in the 20 years since I looked at the schematic for a breathalyzer, but at the time there were two things to measure. Breath-alcohol levels were one and, I believe, acetone was the other. It's present in the breath of diabetics and absorbs some of the same wavelengths of light as alcohol and, coincidentally, the ones used to measure alcohol levels in breath.

On topic, the RIAA already has such software. The instant it detects that it's been connected to a computer it alerts to the presence of a criminal, because everyone pirates music.

Re: Re: but honestly ...

"maybe the breathalyzer has been proven inaccurate from time to time .... but just try to imagine how many times they have been right. You cannot use the argument that just because it isn't perfect that it is worthless ... at least not about road-side alcohol testing."

Here in America you're innocent until proven guilty. If you put one person away who didn't deserve it based on bogus breathalyser data, the system has failed. So, maybe you can use your argument in Britain, but not in the US. A voting machine that miscounts votes is worthless. A breathalyser that 99% of the time works every time is worthless as well. Close only counts in horseshoes and hand grenades.

Re: Re: Re: Re: This is clearly just...

"Didn't know porn was illegal."

Child porn is. And in the US "obscene" porn is illegal, but it's hard to prosecute because no one really knows what "obscene" porn is. It's based on "community standards" which even juries cannot agree upon.

To play devil's advocate here, it doesn't sound like what's being wished for is a magic scanner that says 'hey, you committed a crime, now I'm going to arrest you,' from the quoted material it sounds like what's being said is 'When we execute a warrant on someone's home and there are 5 computers in a home, some of which might not even belong to the suspect, it would be nice if we could just quickly run a scan on the computers and see which ones have no evidence of criminal activity right there, so we don't have to waste our time seizing them and having our forensic techs run them when they could be focusing on the ones that do pass a preliminary test for potential evidence of crime.' Which to me doesn't seem like that bad of an idea, after all we use luminol to look for blood to cut out just that square of carpet for testing rather than ripping up the entire carpet and taking it back to the lab to see if there might be some blood on it. You still have to find the legitimate evidence to make a case and have your warrants in order, but it could narrow how much evidence you have to sift through.

Of course whether something like this is possible, who knows, maybe someday if there was enough money invested in development. (Or if the UK has a lot of Bond villains with PowerPoint presentations called MyCriminalPlanForWorldDomination.ppt on their C drives, it might be closer than we think.)

Silly...

We're ALL criminals... didn't you hear... if you break any of a website's Terms of Service... you are guilty of computer hacking!

My website's ToS involves you handing over your first born to me every full moon - but only if it's a girl, she's over 18 and very hot! Failure to meet any of those terms and you are a computer hacker!

Re: Breathalyzer

They use the breathalyzer for the in field test. If positive they take you to the station and get a sample by more accurate means. I've seen Cops episodes where they take a blood sample at the station. So you can call the breathalyzer a preliminary check.

Re: Re: Re: This is clearly just...

Not that hard.

From the quote above it sounds like what he's looking for can already be done.. and done easily.
If he has a list of documents he wants to find, or suspects might be on a computer, a hash can be made of that file(s).
Then in 20 minutes each of those computers can be hashed on the spot (every individual file, not the hard drive as a whole), and any hashes that match your list of known files will pop up.

If that's all he's looking for, it's already on the market, or could be with almost no extra work.
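The per-file hash comparison described in the comment above, sketched as an added example (not code from the thread or from any product it mentions). The file names and contents are constructed samples, and SHA-256 is an assumed choice of hash.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk_size=1 << 20):
    """Hash one file in chunks so large files need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def triage(root, known_hashes):
    """Hash every regular file under root; return (hits, unreadable).

    hits maps path -> label from known_hashes. unreadable lists files that
    could not be hashed; they count as unexamined, not as clean.
    """
    hits, unreadable = {}, []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # skip symlinks and special files
            try:
                digest = sha256_file(path)
            except OSError:
                unreadable.append(path)
                continue
            if digest in known_hashes:
                hits[path] = known_hashes[digest]
    return hits, unreadable

def demo():
    """Constructed sample: three files, one byte-identical to a known file."""
    wanted = b"Subject: constructed sample email\n\nmeet at noon\n"
    known = {hashlib.sha256(wanted).hexdigest(): "email-of-interest"}
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "mail", "old"))
        samples = {
            "notes.txt": b"shopping list\n",
            "mail/old/renamed.bin": wanted,    # same bytes under another name: hit
            "mail/almost.eml": wanted + b" ",  # one extra byte: different hash, no hit
        }
        for rel, data in samples.items():
            with open(os.path.join(root, rel), "wb") as f:
                f.write(data)
        hits, unreadable = triage(root, known)
        return {os.path.relpath(p, root): v for p, v in hits.items()}, unreadable

if __name__ == "__main__":
    print(demo())
```

A hit identifies a byte-identical copy regardless of file name; an empty result only says that none of the listed files is present in readable, unmodified form.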

Re: Re: Re: This is clearly just...

"How would that possibly work."

"It could scan for credit card information. Certainly a list of credit card numbers would be suspicious."
Unless you had a lot of credit cards and used a digital wallet program to keep up with them, or if you owned a small business with, say, consultants who had company cards and you wanted to keep the numbers on file.

"It could scan for large numbers of MP3s and video files, which could indicate copyright infringement."
Unless you happened to be a DJ, or wedding videographer, or just someone who happens to have a large CD collection and prefers the convenience of the mp3 format.

"It could scan for cracks and keygens. Which again could indicate copyright infringement."
Unless you happened to have purchased a video game with non-functional, draconian DRM for which the game publisher suggested that you download the crack so you could play your legally purchased game.

"It could scan for mass mailing software, which could indicate spamming."
Unless you happen to be a marketer or even just a small business owner for whom these tools would be invaluable.

"I could scan image files for high amounts of flesh colors which could indicate porn."
You could, but then you'd find all of my family photos taken in my living room where my wife painted the walls "Bare Essences", which looks amazingly like nude flesh.

Honestly, the potential for false positives that would have to be more closely scrutinized makes any kind of tool like this useless and a waste of time.

One of my friends does digital forensics and he had pointed me to a similar tool made by Microsoft for police forces.
From what I understand of it, it's a USB dongle that'll break through the majority of passwords they've put on it, including encryption, and most handily copy over anything stored in the RAM, which obviously goes if they seize the computer.
Here's the first link I came across - http://seattletimes.nwsource.com/html/microsoft/2004379751_msftlaw29.html

Re:

Re: that hard

That's not entirely true.. there are a number of well-tested tools which function on intact computers that have been upheld in courts and properly peer tested. But in general, it does require the removal of the hard drive for any in-depth analysis.

Plus it should be noted, that if the police find anything, it's a given that they will seize and process every other computer as well. No cop will ever find one piece of evidence, and then call the search quits and leave. If a cop searches your car and finds a crack pipe, you know they are going to tow that car to the station and tear it apart looking for anything else.

The point the guys over at slashdot were making was this: don't police officers need a warrant to look for something specific? If they bust into a house looking for drugs, and then do a scan of a computer, isn't that sort of violating the search warrant? If today, you have to bring a computer in for forensics, then it is less likely that police will violate a warrant. But if they can do a quick scan, which indicates "maybe" criminal activity, then that can be classified as in plain sight = violating warrant.

I'll make it

I'll make their scanning program. Of course, I'll add in some code that will automatically declare any computer used by ME to be completely clean. And maybe some additional code to put clearly illegal content on the computers of people I don't like.

While they're at it, they can try out these ideas...
1. They can put cameras in our homes.
2. Daily polygraph test.
3. Fit breathalysers / drug detectors to our cars.
4. Direct all internet traffic thro' central filters.
5. Do away with the need for trials (the police know who is guilty - why waste money on lawyers and let criminals off the hook)
6. Mandatory prison time every 5 years just in case they miss something (use a suitably prot name like "peoples' work camp").

Re: Re: Re: but honestly ...

By your logic, we could never arrest anyone for any crime, regardless of the evidence. Even if you were to catch them committing a crime on film, it wouldn't be sufficient to arrest them because it's possible that a glitch in the operations of the camera could have altered details of the image such that it looked like the suspect, but was actually someone else.

You must never use any product, ever, because it doesn't have a 100% success rate. You must have typed your asinine response on the most advanced piece of computing machinery in the universe, given that it obviously can't fail - otherwise you'd have nothing to do with it.

Re: Re: Re: This is clearly just...

Credit Card Numbers look like any other sort of number.

MP3s and Video files are used for legitimate reasons more often than illegal ones

Cracks and Keygens are programs, and hence very difficult to decode without running them. Other programs have similar outputs to Cracks and Keygens. That is to say 'Legitimate copies' and 'Random number generators'

Mass mailing software... see same program problem

Image files with high amounts of flesh color? Since when was my family album with about 700 photos of my family illegal? Even if some of them are closeups of their faces?

"At least 23% (that's about one out of every four) of all individuals tested will have a BAC reading higher than their actual BAC. Therefore, many people convicted of DUI/DWI simply on the basis of a breath test results alone will be innocent drivers who are falsely convicted."

Re: Re: Re: This is clearly just...

"It could scan for credit card information. Certainly a list of credit card numbers would be suspicious. "

How would you determine "credit card numbers"? Strings of 16 numbers? That could be anything, especially if the data is encrypted, and thieves could just as easily encrypt the data using non-numeric characters to bypass the filter.

"It could scan for large numbers of MP3s and video files, which could indicate copyright infringement. "

Or someone running a video production company. Or a DJ transferring his collection to a backup server. Or someone transferring CC-licenced material.

"It could scan for cracks and keygens. Which again could indicate copyright infringement. "

Or someone trying to bypass the stupid CD keys on his own legally purchased software. Not to mention, how would you quantify a "crack" or "keygen"? Filenames? Pirates will name them something else. Content? How do people determine which sequence of 0s and 1s constitutes such a thing?

"It could scan for mass mailing software, which could indicate spamming. "

"I could scan image files for high amounts of flesh colors which could indicate porn."

Or someone with a lot of wedding, school or photos of other groups of people (and/or any legitimate glamour photographer you can think of). This has been tried with little success btw - slightly old example here: http://www.dansdata.com/pornsweeper.htm, but there's many other failures.

Basically, there's no way of a system like this working without generating a huge amount of false positives while blocking massive amounts of legitimate usage.
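The "strings of 16 numbers" scan debated in the comments above can be measured, as in this added example (not part of any comment). A Luhn checksum filter is an assumed refinement a scanner might apply; the sample text is constructed, and 4111111111111111 is a widely published test card number.

```python
import random
import re

# Bare 16-digit runs only; longer digit runs are not split into candidates.
CANDIDATE = re.compile(r"(?<!\d)\d{16}(?!\d)")

def luhn_ok(digits):
    """Luhn checksum, the check-digit scheme used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:        # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def scan(text):
    """Return (all 16-digit candidates, the candidates that also pass Luhn)."""
    candidates = CANDIDATE.findall(text)
    return candidates, [c for c in candidates if luhn_ok(c)]

def luhn_pass_rate(n=20000, seed=1):
    """Fraction of random 16-digit strings passing Luhn (constructed data)."""
    rng = random.Random(seed)
    passed = sum(
        luhn_ok("".join(rng.choice("0123456789") for _ in range(16)))
        for _ in range(n)
    )
    return passed / n

# Constructed sample: one test card number, one order id that happens to
# pass Luhn, one serial number that does not, one phone number (11 digits).
SAMPLE = (
    "card on file 4111111111111111; order id 2009031500012341; "
    "serial 1234567890123456; tel 02079460000"
)

if __name__ == "__main__":
    print(scan(SAMPLE))
    print(luhn_pass_rate())
```

The checksum removes the serial number but keeps the order id, and about one random 16-digit string in ten passes it, so a flagged number still needs a person to look at its context.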